InfoSec News

The data never lies and always tells a story. Brian Krebs wrote on his blog last week about the decline in spam and speculated about what has become of the dormant botnets that are used to deliver spam to the world. There was a clear reprieve in spam delivery over the 2010 year-end holiday season, for various reasons. SpamCop.net shows a decisive break in spam delivery, with volume resuming late Sunday.

We wanted to share some corresponding DShield data. The graph below shows unwanted connections, which should be a good representative sample of infected systems. There is a slight dip, which can be attributed to the holiday season or to the usual weekend decline. It does not indicate that spam cannons have been replaced by more lucrative malicious channels, nor that the botnets have taken a break.

[Graph: DShield unwanted connections over the 2010 year-end holiday period]

Spam Cop Statistics Page
Brian Krebs - Blog Entry on Spam
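The comparison this diary draws (a deep, temporary drop in spam reports against only a slight dip in DShield unwanted-connection counts) is easy to get wrong if a holiday weekend is compared with a weekday average. Below is an added example, not code from the ISC diary, DShield or SpamCop, that scores a holiday window against a weekday-matched baseline so a routine weekend decline is not mistaken for a botnet pause. The SPAM and CONNECTIONS series are constructed to resemble the shapes described above, and the 2-sigma threshold is an assumption of this example, not an ISC rule.

```python
"""Weekday-matched baseline check for a holiday dip in two daily series.

Added example for this diary entry; the SPAM and CONNECTIONS counts below
are constructed to mimic the shapes described (a deep spam dip, a slight
unwanted-connection dip) and are not SpamCop or DShield data.
"""
from datetime import date, timedelta
from statistics import mean, pstdev

START = date(2010, 11, 29)  # a Monday; eight weeks run through 2011-01-23
# Year-end holiday window, 2010-12-24 .. 2011-01-02 inclusive
HOLIDAY = [date(2010, 12, 24) + timedelta(days=i) for i in range(10)]


def constructed_series(weekday_pattern, week_offsets, dip_days, dip):
    """Daily counts = weekday pattern + a per-week offset (ordinary
    variation), minus `dip` on each day in `dip_days`. Constructed data."""
    series = {}
    for week, offset in enumerate(week_offsets):
        for wd in range(7):
            day = START + timedelta(weeks=week, days=wd)
            count = weekday_pattern[wd] + offset
            if day in dip_days:
                count -= dip
            series[day] = count
    return series


# Spam reports: strong weekly cycle, sharply reduced over the holidays
SPAM = constructed_series([500, 500, 500, 500, 500, 350, 350],
                          [0, 20, -20, 0, 0, 0, 20, -20], set(HOLIDAY), 200)
# Unwanted connections (DShield-style): weekend drop, only a slight holiday dip
CONNECTIONS = constructed_series([100, 100, 100, 100, 100, 80, 80],
                                 [0, 8, -8, 0, 0, 0, 8, -8], set(HOLIDAY), 6)


def weekday_baseline(series, exclude):
    """Per-weekday (mean, population std-dev) of counts, ignoring `exclude`.
    A holiday Saturday is then judged against other Saturdays, so the
    routine weekend drop is not mistaken for a botnet pause."""
    buckets = {wd: [] for wd in range(7)}
    for day, count in series.items():
        if day not in exclude:
            buckets[day.weekday()].append(count)
    return {wd: (mean(v), pstdev(v)) for wd, v in buckets.items() if v}


def dip_report(series, window):
    """(day, count, baseline_mean, z) for each day in `window`, where z is
    the distance from the same-weekday baseline in standard deviations."""
    base = weekday_baseline(series, set(window))
    report = []
    for day in window:
        m, sd = base[day.weekday()]
        z = (series[day] - m) / sd if sd else 0.0
        report.append((day, series[day], m, z))
    return report


def window_drop_pct(report):
    """Overall drop of the window versus its weekday-matched baseline, in %."""
    observed = sum(count for _, count, _, _ in report)
    expected = sum(m for _, _, m, _ in report)
    return 100.0 * (observed - expected) / expected


def is_structural_drop(report, z_threshold=-2.0):
    """True only if every day in the window sits more than |z_threshold|
    standard deviations below its weekday baseline: a dip that ordinary
    weekday/weekend variation cannot explain. The threshold is an assumption."""
    return all(z < z_threshold for _, _, _, z in report)


if __name__ == "__main__":
    for name, series in (("spam", SPAM), ("connections", CONNECTIONS)):
        rep = dip_report(series, HOLIDAY)
        print(f"{name:12s} drop {window_drop_pct(rep):6.1f}%  "
              f"structural={is_structural_drop(rep)}")
```

Run as a script, the constructed spam series is flagged as a structural drop (about -45% against its baseline) while the connection series is not (about -6.5%, within normal weekday/weekend variation). To apply it to real counts, replace the two constructed dictionaries with daily totals keyed by date and keep the window list to the days in question.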

--
Kevin Shortt

ISC Handler on Duty
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Fox News: Hacker Code Lingered on Home Depot Website
Baldwin, who initially discovered the code and blogged about it for Infosec Island, stressed that the Home Depot site was not a threat to do-it-yourselfers ...
 
RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
 
Anticipating greater use of BI (business intelligence) on the Web and in the cloud, Jaspersoft has rebuilt its software using a standards-based Web architecture.
 
HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities
 
Digital piracy sites get billions of visits a year, according to a new paper sponsored by the U.S. Chamber of Commerce.
 
Apple's new iPhone 4 has been redesigned for Verizon Wireless, with the smartphone sporting a new antenna optimized for CDMA networks.
 
Linux Kernel 'kvm_vcpu_events.interrupt.pad' Field Local Information Disclosure Vulnerability
 
Linux Kernel 'FBIOGET_VBLANK' IOCTL Local Information Disclosure Vulnerability
 
Microsoft issued two security bulletins, repairing two critical flaws affecting all versions of Windows. In addition, it issued a temporary fix for an IE zero-day vulnerability.

 
Microsoft today patched three vulnerabilities in Windows, one that could be exploited by attackers who dupe users into visiting a malicious Web site.
 
Dell's latest version of its long-running premium XPS 17 notebook features a revamped look, a quad-core CPU, and discrete Nvidia mobile graphics. The net result is a system that offers average performance in WorldBench 6, but surprisingly good gaming performance.
 
Verizon Wireless hasn't announced the price of its monthly iPhone data plan, igniting speculation that it plans to charge up to $120 monthly for unlimited data on top of voice and texting costs.
 
[security bulletin] HPSBMA02557 SSRT100025 rev.2 - HP OpenView Network Node Manager (OV NNM) Running on Windows, Remote Execution of Arbitrary Code
 
Microsoft Data Access Components ActiveX Data Objects Memory Corruption Vulnerability
 
ARM chief executive Warren East discusses Windows, the PC market and future architecture developments.
 
With its CEO gone, chip maker AMD has a chance to reinvigorate the company and start beating rival Intel on some new products.
 
Microsoft today turned to a new defensive measure to help users ward off ongoing attacks exploiting a known bug in IE.
 
[security bulletin] HPSBMA02621 SSRT100352 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
 
ASPR #2011-01-11-1: Remote Binary Planting in Multiple F-Secure Products
 
[SECURITY] [DSA 2122-2] New glibc packages fix privilege escalation
 
[TOOL RELEASE] T50 Sukhoi PAK FA Mixed Packet Injector v2.45r-H2HC
 
Verizon has finally landed the iPhone and pre-orders begin Feb. 3 for Feb. 10 delivery. Will you buy the Verizon iPhone?
 
Billions of dollars, millions of man-hours, and thousands of projects at IBM are all focused on the same thing: turning scads of enterprise data into useful information.
 
Some analysts say the iPhone 4G on Verizon Wireless will cannibalize Google Android smartphone sales across various carriers, including AT&T, early on, but others disagreed.
 
MySpace is laying off 500 employees, or about 47% of its global staff, as part of a restructuring by the once-leading, now struggling social-networking site.
 
Oracle's lawsuit against support provider Rimini Street is not slowing the smaller company's momentum, as it logged its best-ever performance in the fourth quarter.
 
Wireshark ZigBee ZCL Dissector Infinite Loop Denial of Service Vulnerability
 
Wireshark DOCSIS Dissector Denial of Service Vulnerability
 
Microsoft Windows Backup 'fveapi.dll' DLL Loading Arbitrary Code Execution Vulnerability
 
Happy New Year Everyone! Here is the 2011 Black Tuesday kick off with only two patches. Enjoy!


Overview of the January 2011 Microsoft Patches and their status.

MS11-001 - Vulnerability in Windows Backup Manager Could Allow Remote Code Execution (Replaces None)
  Affected:           Windows Backup Manager, Windows Vista SP1/SP2, Windows Vista x64 Edition SP1/SP2
  CVE:                CVE-2010-3145
  Contra Indications: KB 2478935
  Known Exploits:     Exploit available.
  Microsoft rating:   Severity: Important, Exploitability: 1
  ISC rating(*):      clients: Important / servers: Important

MS11-002 - Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (Replaces None)
  Affected:           Microsoft Data Access Components 2.8 SP1/SP2, Microsoft Data Access Components 6.0
  CVE:                CVE-2011-0026, CVE-2011-0027
  Contra Indications: KB 2451910
  Known Exploits:     No known exploits.
  Microsoft rating:   Severity: Critical, Exploitability: 1,1
  ISC rating(*):      clients: Critical / servers: Critical



We will update issues on this page for about a week or so as they evolve. We appreciate updates.

US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:

PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments leave the system vulnerable and exploits are being used or are easy to obtain or make.
Critical: Anything that needs little to become interesting for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
Important: Things where more testing and other measures can help.
Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.

The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment, the usage of the machine, and the common measures people typically have in place already. For servers we presume simple best practices such as not using Outlook, MSIE, Word etc. to do traditional office or leisure work.
The rating is not a risk analysis as such. It is a rating of the importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.
Only the organization itself is in a position to do a full risk analysis involving the presence (or lack) of affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.
All patches released by a vendor are important enough to have a close look at if you use the affected systems. There is little incentive for vendors to publicize patches that do not carry some form of risk.



UPDATE: MS11-002 - Known Exploits changed to "No known exploits." The citation of an available exploit was published in error; the correction was provided by reader Ben L. Thanks Ben!


--
Kevin Shortt
ISC Handler on Duty
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
After more than a year of rumors, Verizon announced it would start selling Apple's iPhone 4 on Feb. 10.
 
Verizon on Tuesday announced that it would offer Apple's iconic iPhone 4 on its network, becoming the second carrier in the U.S. to offer the smartphone after AT&T.
 
Mono/Moonlight Generic Type Argument Local Privilege Escalation Vulnerability
 
In a move that will be seen by many as a win for open-source advocates, a plan to create a consortium led by Microsoft to buy Novell patents has been withdrawn.
 
XSRF (CSRF) in whCMS
 
XSRF (CSRF) in Cambio
 
XSS vulnerability in diafan.CMS
 
XSRF (CSRF) in diafan.CMS
 
Groupon has completed its $950 million funding round and the money will be used to improve its technology infrastructure, continue its business expansion and let employees and existing investors cash out stock, the online coupon provider said.
 
Stored XSS vulnerability in diafan.CMS
 
XSRF (CSRF) in VaM Shop
 
SQL injection vulnerability in Energine
 
XSS vulnerability in VaM Shop
 

CSO (blog): The infosec terror train
by CSO, Salted Hash – IT security news analysis, over easy! Read "Top 10 tech scares of the decade" and you'll see that FUD doesn't always measure up to ...
 
Congress may be willing to focus on some tech issues during 2011.
 
Wikipedia and its users are planning more than 300 celebration events across six continents for the 10th anniversary of the free, online encyclopedia that has become an Internet juggernaut by spreading access to information with a model that lets anyone edit its articles.
 
Analysts believe several factors figure into the upcoming departure of Bob Muglia as president of Microsoft's Server and Tools Business.
 
In the history of the H-1B visa program, few have played a role as important as that of Gene Sperling, who last week was appointed by President Obama to head the National Economic Council.
 
How do Google, State Farm and other companies balance private and open space for their tech employees?
 
The sale of hacked iTunes accounts in China has been dealt a blow as the Chinese online retailer Taobao.com has decided to remove all product listings relating to the sale of the stolen accounts.
 
If Verizon Wireless introduces its own version of the Apple iPhone on Tuesday, users of its network might begin to face some of the same performance problems that plagued AT&T subscribers in some areas since the rollout of the popular iPhone 3G.
 
Mobile operators were out in full force at the International Consumer Electronics Show in Las Vegas last week, promoting their improved data networks and unveiling new devices. But with their marketing efforts in overdrive, the operators may confuse rather than attract users.
 
For tech workers, hiring and wages improved at year end, mirroring last month's overall gain in employment.
 
Take a gander at our picks for the most intriguing tablets from CES. Is one of these new models in your future?
 
ComingChina.com U-Mail 'edit.php' Arbitrary File Upload Vulnerability
 
 
ProFTPD SReplace Remote Buffer Overflow Vulnerability
 

Posted by InfoSec News on Jan 11

Hackers steal data of 2,000 people in attack on Fine Gael website
http://www.irishtimes.com/newspaper/ireland/2011/0111/1224287236758.html

The Irish Times
January 11, 2011

Two investigations are under way by gardaí and the Office of the Data Protection Commissioner following the theft of personal data belonging to 2,000 members of the public from a Fine Gael website on Sunday night.

The party contacted gardaí yesterday after media outlets were e-mailed by someone claiming to be from online activist...
 

Posted by InfoSec News on Jan 11

DISA creates DMZ to boost security on unclassified network
http://gcn.com/articles/2011/01/07/disa-panel-dod-dmz.aspx

By Amber Corrin
GCN.com
Jan 10, 2011

The Defense Information Systems Agency has created a "demilitarized zone" for unclassified applications to help manage access and improve security between the public Internet and the Unclassified but Sensitive IP Router Network (NIPRNet), according to Dave Mihelcic, DISA's CTO.

The DMZ protects against cyberattacks, he said. In the case of...
 

Posted by InfoSec News on Jan 11

IBM DeveloperWorks site hacked and defaced
http://www.computerworld.com/s/article/9204300/IBM_DeveloperWorks_site_hacked_and_defaced

By Joab Jackson
IDG News Service
January 10, 2011

An IBM site for developers was defaced over the weekend, with attackers replacing some of the Web pages on the site with ones containing their own messages, IBM confirmed Monday.

Word of the vandalism, which took place on the IBM DeveloperWorks site, was first posted late Saturday on the Full...
 
ExtCalendar 'calendar.php' SQL Injection Vulnerability
 

Posted by InfoSec News on Jan 10

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, January 2, 2011

15 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The Open Security Foundation asks for contributions of new incidents and new data for...
 

Posted by InfoSec News on Jan 10

Security lapses at Stats Can
http://www.torontosun.com/news/canada/2011/01/10/16832711.html

By Kathleen Harris
QMI Agency
Toronto Sun
January 10, 2011

OTTAWA -- From lost laptops to stray confidential documents, Statistics Canada has grappled with several "serious" security breaches that have compromised sensitive personal information about Canadians.

Internal reports obtained by QMI Agency through Access to Information reveal a number of incidents in the...
 